How to hack my Tesla

This post is just for my own notes. I'm buying a new car (arrives in October) and I need to gather up notes on how to hack it.

To start with is the generic car hacking information. One good source I found is the Car Hacker's Handbook, which has a good explanation of the basics.

Another good start is the various papers produced by Charlie Miller and Chris Valasek, such as their early work and their latest Jeep hack. [1] [2]

Specifically to my car, a Tesla, there is this site that documents all the undocumented bits about the car, such as listing the 56 CPUs found in the car.

Specifically, there is the work by Kevin Mahaffey and Marc Rogers covering their Tesla hacking. I hate them, because they've already done some of the obvious things I would've tried first, such as popping up an X Window on the display.

Anyway, this post is for my own benefit, so when I lose my notes, I can find them again by googling. Maybe other people in similar situation might find it a bit useful, too.

How to use big data to transform IT operations

This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter’s approach.

Over the past half decade, the big data flame has spread like wildfire throughout the enterprise, and the IT department has not been immune. The promise of data-driven initiatives capable of transforming IT from a support function to a profit center has sparked enormous interest.

After all, datacenter scale, complexity, and dynamism has rapidly outstripped the ability of siloed, infrastructure-focused IT operations management to keep pace. IT big-data analytics has emerged as the new IT operations-management approach of choice, promising to make IT smarter and leaner. Nearly all next-generation operational intelligence products incorporate data analytics to some degree. However, as many enterprises are learning the hard way, big data doesn’t always result in success.

To read this article in full or to leave a comment, please click here

Encryption project issues first free SSL/TLS certificate

A project that aims to increase the use of encryption by giving away free SSL/TLS certificates has issued its first one, marking the start of its beta program. The project, called Let's Encrypt, is run by the Internet Security Research Group (ISRG) and backed by Mozilla, the Electronic Frontier Foundation (EFF), Cisco and Akamai, among others. Let's Encrypt plans to distribute free SSL/TLS (Secure Socket Layer/Transport Layer Security) certificates, which encrypt data passed between a website and users. The use of SSL/TLS is signified in most browsers by "https" and a padlock appearing in the URL bar.To read this article in full or to leave a comment, please click here

Secunia acquired by Flexera Software

Secunia, the company specializing in software vulnerability management, has been acquired by software asset management company Flexera Software.The pairing of Flexera's asset discovery and management tools with Secunia's software vulnerability platform will give organizations the ability to thoroughly assess the security of applications discovered on the network, said Mark Bishof, Flexera Software's CEO.[ Deep Dive: How to rethink security for the new world of IT. | Discover how to secure your systems with InfoWorld's Security newsletter. ] Flexera's tools, which includes FlexNet Manager Suite and AdminStudio Suite, currently help discover all the hardware and software assets within the organization, how the licenses are used, and how to optimize software use. With the Secunia addition, organizations will be able to scrutinize the discovered applications to uncover unpatched vulnerabilities. This will give IT teams the information they need to update to the latest patch or to create a workaround to temporarily mitigate the issue until a patch is available.To read this article in full or to leave a comment, please click here

Sponsored Post: Microsoft, Instrumental, Location Labs, Enova, Librato, Surge, Redis Labs, Jut.io, VoltDB, Datadog, SignalFx, InMemory.Net, VividCortex, MemSQL, Scalyr, AiScaler, AppDynamics, ManageEngine, Site24x7

Who's Hiring?

  • Microsoft’s Visual Studio Online team is building the next generation of software development tools in the cloud out in Durham, North Carolina. Come help us build innovative workflows around Git and continuous deployment, help solve the Git scale problem or help us build a best-in-class web experience. Learn more and apply.

  • Are you someone who can efficiently spin up and maintain large production Linux deployments? Can you troubleshoot systems in the middle of the night as well as design them so that you don't have to wake up? If so, and you want to work with some of the best in the business, you will probably love the Infrastructure Group at Location Labs. Please apply here.

  • As a Lead Software Engineer at Enova you’ll be one of Enova’s heavy hitters, overseeing technical components of major projects. We’re going to ask you to build a bridge, and you’ll get it built, no matter what. You’ll balance technical requirements with business needs, while advocating for a high quality codebase when working with full business teams. You’re fluent in ‘technical’ language and ‘business’ language, because you’re the engineer everyone counts on to understand how it works now, how it Continue reading

Arista expands its portfolio with 25, 50, and 100-Gig data center switches

It seems 10 Gig Ethernet (Gig-E) technology has been the de facto standard in data centers for the better part of a decade now. Frankly, 10 Gig-E is still a lot of bandwidth and is fine for most businesses. However, it cannot cost-effectively meet the bandwidth requirements of next-generation cloud and web-scale environments. Sure, there's 40 Gig-E, but that's actually four 10 Gig-E "lanes" bonded together, so the cloud provider would likely have to install at least twice as many switches, along with all the cabling, space, power, and cooling required to meet the needs of today and the near future.This is the primary driver behind the development of the 25 Gig-E standard. Compared to 10 Gig-E, 25 Gig-E provides 2.5-times the performance, making it much more cost-effective. Since the 25 Gigabits of bandwidth is provided in single lane, it provides much greater density and scale than 10 Gig-E. Also, deploying 25 Gig-E provides an easy upgrade path to 50 Gig-E (2 lanes) or even 100 Gig-E (4 lanes).To read this article in full or to leave a comment, please click here

Attackers can take over Cisco routers; other routers at risk, too

Attackers have successfully infected Cisco routers with an attack that persists to provide a means for compromising other machines and data on the networks the routers serve, FireEye says.The SYNful Knock attack successfully implanted altered versions of firmware into 14 Cisco routers in India, Mexico, the Philippines and Ukraine, according to FireEye, that gives full access to the devices, and researchers expect compromised machines to show up in more places and in other brands of routers.SYNful Knock downloads software modules to customize further attacks and have been found in in Cisco 1841, 2811 and 3825 routers. It initially requires either physical access to routers or valid passwords; there is no software vulnerability being exploited, FireEye says in a blog post.To read this article in full or to leave a comment, please click here

DomainTools’ Iris interface speeds up cybercrime investigations

Cybercriminals often leave a lot of digital crumbs, and when organizations get attacked, finding those clues can help reveal who is attacking and why.For 15 years, a small company called DomainTools, based in Seattle, has collected vast amounts of information about the Web: historical domain name registrations and network information, all of which are extremely valuable in investigating cyberattacks.Using its tools makes it possible, for example, to see what other websites are using a particular IP address, what email address was used to register them, DNS servers and other information.But DomainTools' Web-based interface wasn't designed in a way that reflected the workflows that investigators follow when probing cyberattacks and the speed at which they need to collate large amounts of information.To read this article in full or to leave a comment, please click here

1 3,236 3,237 3,238 3,239 3,240 3,756